Project request

CRA Check

Is your product ready for the Cyber Resilience Act?

From 2027, the Cyber Resilience Act (CRA) will make cybersecurity a mandatory requirement for most connected hardware and software products in the EU.

About the Cyber Resilience Act

The Cyber Resilience Act is a new EU regulation designed to improve the cybersecurity of digital products placed on the European market. It applies to hardware and software that are – or can be – connected to a network or the internet. The CRA aims to ensure that:

cybersecurity is built in by design and by default

vulnerabilities are monitored and security updates are provided during the whole product lifetime

economic operators (manufacturers, importers, distributors) take clear responsibility for the security of their products and can demonstrate compliance through documentation and CE marking.

In other words: cybersecurity becomes a core product requirement, not an optional extra.

Who is likely to be affected by the CRA?

The CRA covers a wide range of companies that bring digital products to the EU market – regardless of company size.

Manufacturers of digital products

You design or develop connected hardware or software – for example IoT devices, embedded systems, industrial controllers, apps or standard software. As a manufacturer, you are responsible for risk assessments, secure development practices, vulnerability management, documentation and long-term security updates.

Illustration: person receiving live help from a support agent on a laptop screen.

Importers and distributors

You import connected products into the EU or resell them as a distributor, system integrator or retailer. You must verify that the products you place on the market are CRA-compliant, correctly CE-marked and properly documented. In some situations, you may even be considered the manufacturer.

Operators of connected systems and OT

You operate machines, devices or systems that rely on networked digital components. Even if you don’t manufacture products yourself, CRA obligations will influence your procurement, contracts and risk management – and shape the questions you should ask your suppliers.

Check if you are affected

  • For free
  • No registration requiered
  • Right now
Start Free Assessment →

Cyber Resilience Act - Check

CRA Check ENG

Is your product ready for the EU Cyber Resilience Act?

Answer a few questions and get a quick, non-binding assessment of how strongly the CRA may affect your digital product and your role in the supply chain.

  • 2–3 minutes, no registration
  • No personal data required
  • Immediate result with next-step suggestions
This check is not legal advice, but it will help you understand your CRA exposure and structure your next compliance steps.